VSEC Blog: IT Security Channel News brought to you by Infinigate UK

The Facebook fiasco – Social media, privacy, and what it all means to business

Posted: 27 June 2018

Facebook has been in the news a lot lately, and the publicity hasn’t been the good kind. Reports that Cambridge Analytica – a British company that uses data mining and data analytics in providing consulting services to political campaigns – had accessed information about U.S. voters through their Facebook accounts created a firestorm. It also brought to the forefront the much broader issues of how all that “TMI” that we share on social media sites can end up in places and uses that we never intended or expected.

The outrage has generally been on behalf of individuals whose data was collected through a “personality quiz” app developed by a Cambridge researcher, but what are the implications of all this for businesses? That’s what we’re going to look at in this article.

Importance of social media as a business tool

Facebook beganas a website where college students could connect and get to know about one another. However, it has grown into much more. Today it is not only a venue for individuals of all ages to meet new people and keep in touch with family and friends all over the world;it is also a business platformwhere companies can market their goods and services to millions of users and develop relationships with existing and potential customers.

The cost of utilizing social media is low in comparison to many other marketing and advertising methods, making it one of the most cost-effective ways to increase awareness of a company’s brand with minimal monetary and time investment. Customers tend to trust businesses more when they feel a personal relationship with the company, and interaction on social sites builds those relationships. Quick public response to questions and complaints gives customers assurance that the company cares.

Social media is also a great tool for gaining more insight into your audience’s preferences and opinions to help you fine-tune both your products and your pitches. And therein lies one of the issues arising from Facebook’s high-profile data collection scandal.

Getting to know you

To target your social content to your intended audience’s preferences, you need to know as much about them as possible. “Know your customer” was a rule of good business long before it became aregulatory requirementfor banks and other financial services. In the context of marketing, it’s about understanding the people who use, have used, or are considering using your product or service. When it comes to insight into how customers think and behave, there is no such thing as TMI (too much information).

Once upon a time, collecting this information required hiring expensive market research firms to conduct interviews, mailing out customer satisfaction surveys, and/or relying on letters and phone calls from those customers who took the time to document their complaints or kudos. Social media makes it much easier.

Business analyticsis a field that has exploded in the past decade, encompassing business intelligence, online analytical processing (OLAP) and general data analytics. It uses mathematical algorithms and machine-driven deep learning techniques to interpret data to be used as the basis for predictions and about future behavior.

Social sites such as Facebook now provideanalyticsandmarket insight servicesthat businesses can use to find out more about those who visit their business pages. However, this is presented not as personal identifiable information, but as aggregate demographic, geographic, and behavioral data.

But the information that Cambridge Analytica allegedly used went further.

There’s an app for that

The enabling technology is a protocol called Open Graph, third-party app developers can use that to (among other things) request permission from users to access their personal data. This data includes such things as name, location, date of birth, gender, and political and religious preferences.

Cambridge Analytica used this capability in creating an app called thisisyourdigitallife. It asks users to answer questions and from that, creates a psychological profile. Now here is the rub: although the user has to permit to access his/her data in order to use the app, it apparently was then able to access not just the app user’s data but also that of the users’ friends. According to reports, as many as 87 million Facebook profiles were accessed.

That’s where it all becomes a he said/she situation; “whistleblower” Christopher Wylie said the Facebook data was used in President Trump’s election campaign, which Cambridge Analytica denies. Facebook was accused of violating a 2011 FTC agreement regarding user privacy. Facebook has changed its rules to disallow apps to access friends’ data without permission, says it will audit apps with access to large amounts of data and is instituting other safeguards around third-party apps.

The rest of the story

There are a number of different factors at play here, but the political aspect has overshadowed the real story. Looking behind the “who” (Facebook, Cambridge Analytica, Trump), it’s important to consider the “what, why and how.” Most companies that are using data collected by social media to target ads are not trying to get anyone elected president; they’re trying to sell products and services. But the fallout from the Facebook incident, whichcomes on top of other privacy breachessuch as the Equifax and Yahoo cyber attacks, is likely to affect them, too.

According to Pew researchreports, 69% of Americans use social media sites and yet 80% say they’re concerned about businesses accessing the data they share. Half of users said they weren’t confident that social media companies would protect their data. Two-thirds of those surveyed say the current U.S. laws don’t adequately protect privacy.

Where is this all leading? We need only look to Europe to see what is likely in the future. The General Data Protection Regulation (GDPR) provides data subjects with specific rights regarding their personal data, prescribes mandates for businesses that collect, process or store the personal data of European Union residents, and imposes hefty penalties for failure to comply.

This means many U.S. companies – even those with no physical presence in Europe – already fall under the EU regulation and are, in fact, investing millions of dollars in measures meet its requirements as the May 25 deadline approaches. The good news is that if and when the U.S. doesadopt similar privacy regulations– something that many think is likely – those organizations will already be a step ahead of the game.

Subscribe to VSEC Blog Updates

Terms and Conditions:

When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:

We will use your details to send you blog updates.

We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.

We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.

In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.

Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.